SSL Report: printware.co.uk ( )

Similar documents
SSL Report: cartridgeworld.co.uk ( )

SSL Report: bourdiol.xyz ( )

SSL Report: sharplesgroup.com ( )

SSL Report: ( )

SSL/TLS Security Assessment of e-vo.ru

SSL/TLS Server Test of

SSL/TLS Server Test of grupoconsultorefe.com

TLS1.2 IS DEAD BE READY FOR TLS1.3

Install the ExtraHop session key forwarder on a Windows server

Findings for

High-Tech Bridge s Free SSL Server Test API Developer Documentation Version v1.2 24th of January 2018

Coming of Age: A Longitudinal Study of TLS Deployment

State of TLS usage current and future. Dave Thompson

SSL Visibility and Troubleshooting

Requirements from the. Functional Package for Transport Layer Security (TLS)

SSL Server Rating Guide

TLS 1.2 Protocol Execution Transcript

SSL/TLS Deployment Best Practices

The State of TLS in httpd 2.4. William A. Rowe Jr.

Defeating All Man-in-the-Middle Attacks

But where'd that extra "s" come from, and what does it mean?

Your Apps and Evolving Network Security Standards

TLS Security and Future

TLS 1.1 Security fixes and TLS extensions RFC4346

How to Configure SSL Interception in the Firewall

Securing Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016

Information Security CS 526

Legacy of Heartbleed: MITM and Revoked Certificates. Alexey Busygin NeoBIT

Securing Communications with your Apache HTTP Server. Lars Eilebrecht

PROVING WHO YOU ARE TLS & THE PKI

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Datapath. Encryption

CIS 5373 Systems Security

Datapath. Encryption

Security Protocols and Infrastructures

feature HTTPS Posture Assessment Ideal Configuration

Internet SSL Survey 2010

HTTPS is Fast and Hassle-free with Cloudflare

MTAT Applied Cryptography

32c3. December 28, Nick goto fail;

IBM Education Assistance for z/os V2R1

SSL Accelerated Services. Feature Description

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com

SSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

Progressively Securing RIOT-OS!

Secure Socket Layer Health Assessment

Overview of TLS v1.3. What s new, what s removed and what s changed?

Overview of TLS v1.3 What s new, what s removed and what s changed?

Scan Report Executive Summary

Internet security and privacy

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Verifying Real-World Security Protocols from finding attacks to proving security theorems

BIG-IP System: SSL Administration. Version

SECRETS OF THE ENCRYPTED INTERNET: WORLDWIDE CRYPTOGRAPHIC TRENDS

Security Protocols and Infrastructures. Winter Term 2010/2011

Transport Level Security

Scan Report Executive Summary

APPLICATION & INFRASTRUCTURE SECURITY CONTROLS

Security Protocols and Infrastructures. Winter Term 2015/2016

ATS Test Documentation

BIG-IP System: SSL Administration. Version

One Year of SSL Internet Measurement ACSAC 2012

Configuring SSL. SSL Overview CHAPTER

Configuring SSL. SSL Overview CHAPTER

Ecosystem at Large

Scan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):

Data Security and Privacy. Topic 14: Authentication and Key Establishment

SSL247 SHA-2 MIGRATION

Practical Issues with TLS Client Certificate Authentication

How to Configure SSL Interception in the Firewall

Configuring SSL CHAPTER

The Security Impact of HTTPS Interception

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

Operational User Guidance and Preparative

TLS Decryption on Cisco Security Devices

13/11/2014. Pa rt 2 S S L i m p a c t a n d o p t i m i s a t i o n. Pa rt 1 A b o u t S S L C e r t f i c a t e s. W h a t i s S S L / T L S

VisiBroker for Visual Studio 2013

UNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE

SSL/TLS Vulnerability Detection Using Black Box Approach

Overview. SSL Cryptography Overview CHAPTER 1

SSL247 SHA-2 MIGRATION

Verify certificate chain with OpenSSL

Norbert Muehr (Siemens PLM GTAC EMEA)

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

BG96 SSL AT Commands Manual

Lab 7: Tunnelling and Web Security

Displaying SSL Configuration Information and Statistics

Nubo Software Thin Client Common Criteria Addendum. Document Version: 1.2. Copyright 2018 by Nubo Inc. All rights reserved

Comodo Certificate Manager Software Version 5.0

Configuring and Using SSL

Installation and usage of SSL certificates: Your guide to getting it right

ON THE SECURITY OF TLS RENEGOTIATION

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Release Notes Version 7.8

Securing VMware NSX-T J U N E 2018

Encryption What s Hiding in Plain Sight.

Barracuda Firewall Release Notes 6.6.X

Transcription:

1 of 5 26/06/2015 14:27 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > printware.co.uk SSL Report: printware.co.uk (194.143.166.5) Assessed on: Fri, 26 Jun 2015 12:53:08 UTC HIDDEN Clear cache Scan Another» Summary Overall Rating Certificate 100 Protocol Support 90 Key Exchange 90 Cipher Strength 90 0 20 40 60 80 100 Visit our documentation page for more information, configuration guides, and books. Known issues are documented here. This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C. MORE INFO» Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2. MORE INFO» The server does not support Forward Secrecy with the reference browsers. MORE INFO» Authentication Server Key and Certificate #1 Common names Alternative names Prefix handling Valid from printware.co.uk Both (with and without WWW) Mon, 17 Feb 201417:09:59 UTC Sat, 19 Mar 201617:09:59 UTC (expires in 8 months and 22 days) Weak key (Debian) Extended Validation Certificate Transparency Revocation information Revocation status Trusted CRL, OCSP Good (not revoked) Additional Certificates (if supplied) Certificates provided Chain issues 3 (3720 bytes) ne #2 Subject

2 of 5 26/06/2015 14:27 Additional Certificates (if supplied) Wed, 13 Apr 2022 10:00:00 UTC (expires in 6 years and 9 months) #3 Subject Fingerprint: 69ff62102aa7da9c7f7b74662aa31c6a2f0bd00d Fri, 28 Jan 2028 12:00:00 UTC (expires in 12 years and 7 months) Root CA Certification Paths Path #1: Trusted 1 Sent by server 2 Sent by server 3 In trust store Fingerprint: b9c1620dc088a49aee72448d0137423193f73e0e Self-signed Fingerprint: 75e0abb6138512271c04f85fddde38e4b7242efe Weak or insecure signature, but no impact on root certificate Path #2: Trusted 1 Sent by server 2 Sent by server 3 Sent by server 4 In trust store Fingerprint: b9c1620dc088a49aee72448d0137423193f73e0e Fingerprint: 69ff62102aa7da9c7f7b74662aa31c6a2f0bd00d Root CA Self-signed Fingerprint: b1bc968bd4f49d622aa89a81f2150152a41d829c Weak or insecure signature, but no impact on root certificate Configuration Protocols TLS 1.2 TLS 1.1 TLS 1.0 SSL 3 INSECURE SSL 2 Cipher Suites (sorted by strength; the server has no preference)

3 of 5 26/06/2015 14:27 Cipher Suites (sorted by strength; the server has no preference) TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 128 TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 112 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH 256 bits (eq. 3072 bits RSA) FS 112 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 256 TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits (p: 256, g: 1, Ys: 256) FS 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256 Handshake Simulation Android 2.3.7 SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 Android 4.0.4 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.1.1 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.2.2 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.3 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Android 4.4.2 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Android 5.0.0 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Baidu Jan 2015 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 BingPreview Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Chrome 42 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Firefox 31.3.0 ESR / Win 7 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Firefox 37 / OS X R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 Googlebot Feb 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) FS 128 IE 6 / XP FS 1 SNI 2 SSL 3 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) FS 112 IE 7 / Vista TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 IE 8 / XP FS 1 SNI 2 TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) FS 112 IE 8-10 / Win 7 R TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 IE 11 / Win 7 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 IE 11 / Win 8.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 IE Mobile 10 / Win Phone 8.0 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 IE Mobile 11 / Win Phone 8.1 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Java 6u45 SNI 2 TLS 1.0 TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) FS 128 Java 7u25 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) FS 128

4 of 5 26/06/2015 14:27 Handshake Simulation Java 8u31 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) FS 128 OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256 OpenSSL 1.0.1l R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 OpenSSL 1.0.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 Safari 5.1.9 / OS X 10.6.8 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) FS 128 Safari 6 / ios 6.0.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 6.0.4 / OS X 10.8.4 R TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS 256 Safari 7 / ios 7.1 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 7 / OS X 10.9 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 8 / ios 8.1.2 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Safari 8 / OS X 10.10 R TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) FS 256 Yahoo Slurp Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 YandexBot Jan 2015 TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) FS 256 (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. (2) support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. (R) Denotes a reference browser or client, with which we expect better effective security. (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). Protocol Details Secure Renegotiation Secure Client-Initiated Renegotiation Supported Insecure Client-Initiated Renegotiation BEAST attack POODLE (SSLv3) POODLE (TLS) Downgrade attack prevention TLS compression RC4 Heartbeat (extension) Heartbleed (vulnerability) OpenSSL CCS vuln. (CVE-2014-0224) Forward Secrecy Next Protocol Negotiation (NPN) Session resumption (caching) Session resumption (tickets) OCSP stapling Strict Transport Security (HSTS) Public Key Pinning (HPKP) Long handshake intolerance TLS extension intolerance TLS version intolerance t mitigated server-side (more info) SSL 3: 0x2f, TLS 1.0: 0x2f Vulnerable INSECURE (more info) (more info), TLS_FALLBACK_SCSV not supported (more info) (more info) (more info) With some browsers (more info) Incorrect SNI alerts - Uses common DH prime SSL 2 handshake compatibility Miscellaneous Test date Test duration Fri, 26 Jun 2015 12:50:58 UTC 129.849 seconds HTTP status code 200 HTTP server signature Apache/2.4.10 (Debian) OpenSSL/1.0.1i Server hostname -

5 of 5 26/06/2015 14:27 SSL Report v1.18.1 Copyright 2009-2015 Qualys, Inc. All Rights Reserved. Terms and Conditions

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback